Server Firewall Management

This article explains the functionality of our exclusive server firewall for split-dedicated plans.

This article was last updated on November 4th, 2015

Our Split-Dedicated and Dedicated Server plans have fully customizable server firewalls. We've developed an in-house tool which can be found in our customer's cPanel, allowing for easy configuration of the firewall. This tool is intended to allow for simple restrictions to comply with PCI regulations, as well as allow our customers to easily block, unblock, and whitelist IP addresses and networks.

In cPanel, in the "Security" section, there will be a link to a page titled "Server Firewall". Clicking into this page will present the tool discussed in this article.

Server Firewall Port Management

There are two areas of this page which are separated by their role in configuring the firewall. The top section is used enable or disable access to individual ports. The changes in the top area of the page related to ports only affect the IP address assigned to the cPanel account. For a Split-Dedicated server, you can configure multiple cPanel accounts on your server, so these rules only apply to the IP address used by this account (though that may be shared by more than one of your accounts).

If you want to disable a port in the firewall, you can easily do so by enabling the checkbox on the left hand of the table. Once you click "Save Firewall Port Settings", the firewall will immediately update with your changes.

In general we recommend disabling any port that you don't intend to actually use. Some services, like MySQL, will not accept connections regardless of if the port is open. In the case of MySQL, you will need to enable remote access in addition to ensuring the port is not blocked in the firewall.

Server Firewall Network Access

The lower section of the page is intended to allow for control over which IP networks and addresses are allow to access your entire split-dedicated server. These changes affect all IP addresses on your server, unlike the top section of the page which is specific to your account's assigned IP address.

By default you will not have any configured network access rules, so there won't be any rules to remove. There are a few options specific to this section of the page, which are as follows.

Unblock

This is very basic functionality of the firewall. By default the firewall will attempt to block any traffic that appears to be malicious in nature; this process will sometimes be overly aggressive, resulting in undesirable temporary bans.

Block

This is similarly basic in purpose to the "Unblock" functionality, but it instead blocks access to an IP or network. In the event that the firewall is unable to block abusive traffic automatically, you can use this functionality to block networks. This option can be used by monitoring your website's access logs, and blocking networks which are sending abusive traffic to your site (potentially overloading it).

Ignore

This option allows you to effectively "whitelist" an IP address or network from getting blocked. Typically whitelisting refers to allowing a network past other rules, but in this context we are referring to preventing the firewall from blocking a network. We recommend you add your own IP addresses to the firewall using this feature, to prevent yourself from getting blocked.

Applying what we've discussed

In the screen-shot on the right, you can see that now these networks are being ignored by the firewall. This means that they will no longer be eligible to get blocked. If you want to remove a network rule, you can do so easily by toggling the checkbox in the column titled "Remove" and submitting the request.

Your current IP address is 54.236.246.85, which we recommend adding to the firewall to "Ignore" if this is a static IP address (or one that changes infrequently). If you have a web developer or anyone else who should not be blocked, you can have them google for "What is my ip", which will tell them their public IP address you need for this tool.